SUSE-SU-2020:14382-1: moderate: Security update for w3m

sle-security-updates at sle-security-updates at
Wed Jun 3 04:16:36 MDT 2020

   SUSE Security Update: Security update for w3m

Announcement ID:    SUSE-SU-2020:14382-1
Rating:             moderate
References:         #1077559 #1077568 #1077572 
Cross-References:   CVE-2018-6196 CVE-2018-6197 CVE-2018-6198
Affected Products:
                    SUSE Linux Enterprise Debuginfo 11-SP4

   An update that fixes three vulnerabilities is now available.


   This update for w3m fixes several issues.

   These security issues were fixed:

   - CVE-2018-6196: Prevent infinite recursion in HTMLlineproc0 caused by the
     feed_table_block_tag function which did not prevent a negative indent
     value (bsc#1077559)
   - CVE-2018-6197: Prevent NULL pointer dereference in formUpdateBuffer
   - CVE-2018-6198: w3m did not properly handle temporary files when the
     ~/.w3m directory is unwritable, which allowed a local attacker to craft
     a symlink attack to overwrite arbitrary files (bsc#1077572)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-w3m-14382=1

Package List:

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):



More information about the sle-security-updates mailing list